ENFORCING POLICY-BASED COMPLIANCE OF VIRTUAL MACHINE IMAGE CONFIGURATIONS

摘要

Techniques are disclosed for data risk management in accessing an Infrastructure as a Service (IaaS) cloud network. More specifically, embodiments of the invention evaluate virtual machine images launched in cloud-based environments for compliance with a policy. After intercepting a virtual machine image launch request, an intermediary policy management engine determines whether the request conforms to a policy defined by a policy manager, e.g., an enterprise's information security officer. The policy may be based on user identities, virtual machine image attributes, data classifications, or other criteria. Upon determining whether the request conforms to policy, the policy management engine allows the request, blocks the request, or triggers a management approval workflow.

主权项

1. A method for enforcing policy-based compliance in launching a virtual machine image configuration, the method comprising:
receiving a request to launch a virtual machine image having a plurality of attributes, wherein the request specifies a storage resource to attach the launched virtual machine image; and upon determining that the request conforms to a policy, forwarding the request to a cloud management platform.